Presentation is loading. Please wait.

Presentation is loading. Please wait.

A Game-theoretic Approach to the Design of Self-Protection and Self-Healing Mechanisms in Autonomic Computing Systems Birendra Mishra Anderson School of.

Published byMatthew Hoover Modified over 9 years ago

Similar presentations

Presentation on theme: "A Game-theoretic Approach to the Design of Self-Protection and Self-Healing Mechanisms in Autonomic Computing Systems Birendra Mishra Anderson School of."— Presentation transcript:

1 A Game-theoretic Approach to the Design of Self-Protection and Self-Healing Mechanisms in Autonomic Computing Systems Birendra Mishra Anderson School of Management, U C Riverside T. S. Raghu W. P. Carey School of Business, Arizona State University

2 Overview Background Research Objective Approach Model Results Extensions

3 Threats to Information Security Are Increasing Source:CERT Report

4 Background Two Orientations –Technical aspects of IDS –Business aspects of IDS Technical aspects –Network IDS Scan patterns: known attacks and abnormal traffic –Host based IDS Anomaly: based on normal behavior, Misuse: signature based

5 Business orientation Value of IDS –Low detection rates –High false alarm rates Base rate fallacy (Axellson 2000) –Low hacker to user population Focus on preventive controls –Firewalls, access controls

6 Human Intervention IDS profile –Technology, design parameters, configuration (Lippmann 2000) Receiver Operating Characteristics (ROC) curve (Trees 2001) –Detection and false alarm probabilities

7 Good

8 Case for autonomic computing Manual investigation is expensive High false alarm rates not going away High volume attack/traffic can overwhelm human resources Move to automated detection, response and healing is beneficial

9 Research objective High level systems objectives drive self- protection and self-healing properties Self-configuration is inherent in autonomic computing concept Allocation of computing resources to detect and counter attacks How do we best model intrusion game to optimally determine broad system level objectives? –Can autonomic systems automatically reconfigure in response to change in hacker patterns?

10 Approach Game theoretic approach Inspection games –Applied in piracy control, auditing, arms control Focus on detection and verification Stylistic model of intrusion detection and verification

11 Approach Three models Case 1: Manual intervention (base case) Case 2: Computational effort allocation on investigating alarms Case 3: Dynamic configuration of IDS to impact detection and false alarm probabilities

12 Assumption Exponential distribution Yields the relation Other distributions can be used, implicit relation between detection and false alarm probabilities through t is needed.

13 Model (Case 2) Threshold parameter fixed exogenously Hacker maximizes his expected utility Similarly the autonomic agent maximizes

14 Case 2 Consider D=d*E

15 Results (Case 2): Damages incurred Damage potential (d max ) increases damages incurred Detection penalty (β) decreases damages caused to the system –Deterrence improves IDS performance Increase in threshold parameter (t) and distribution parameter for hacking (θ) increases damages incurred

16 Results For a given IDS quality profile and damage potential –Low enforcement penalty possibility on hackers leads to higher threshold level for detection (low detection and low false alarms) –Higher enforcement penalty possibility on hackers leads to lower threshold level for detection (high detection and high false alarms)

17 Computational Effort Allocation of computational effort to detect and heal intrusions –Reduces with reduced convexity of cost function (parameter α) Increased cost of false alarm detection (or true alarm detection) decrease overall computational effort allocation to detection efforts Allocation of effort reduces with reduced damage potential

18 Implications Autonomic systems can adapt to different environmental and system conditions by varying the computational resources dedicated to self-healing and self-protection efforts Damages incurred by systems still depend on deterrence impact of detection efforts

19 Results (Case 3) t

20 Continuous adaptation Self-tuning or self-configuration –Adapt to changing event conditions through a gaming framework Optimization with respect to both computational effort allocation and threshold parameter Analytical solution not tractable Numerical solutions, however, are possible

21 Further work Numerical experiments currently underway How do we set effective policies to detect changes in the system environment to affect threshold changes? What are the implications of threshold parameter changes in an adaptive system? Can parameters used to specify threshold be domain independent?

Download ppt "A Game-theoretic Approach to the Design of Self-Protection and Self-Healing Mechanisms in Autonomic Computing Systems Birendra Mishra Anderson School of."

Similar presentations

Intrusion Detection Systems (I) CS 6262 Fall 02. Definitions Intrusion Intrusion A set of actions aimed to compromise the security goals, namely A set.

Intrusion Detection Systems (I) CS 6262 Fall 02. Definitions Intrusion Intrusion A set of actions aimed to compromise the security goals, namely A set.
Loss-Sensitive Decision Rules for Intrusion Detection and Response Linda Zhao Statistics Department University of Pennsylvania Joint work with I. Lee,

Loss-Sensitive Decision Rules for Intrusion Detection and Response Linda Zhao Statistics Department University of Pennsylvania Joint work with I. Lee,
Enhancing Security Using Mobile Based Anomaly Detection in Cellular Mobile Networks Bo Sun, Fei Yu, KuiWu, Yang Xiao, and Victor C. M. Leung. Presented.

Enhancing Security Using Mobile Based Anomaly Detection in Cellular Mobile Networks Bo Sun, Fei Yu, KuiWu, Yang Xiao, and Victor C. M. Leung. Presented.
Welcome to DEAS 2005 Design and Evolution of Autonomic Application Software David Garlan, CMU Marin Litoiu, IBM CAS Hausi A. Müller, UVic John Mylopoulos,

Welcome to DEAS 2005 Design and Evolution of Autonomic Application Software David Garlan, CMU Marin Litoiu, IBM CAS Hausi A. Müller, UVic John Mylopoulos,
Autonomic Systems Justin Moles, Winter 2006 Security in an Autonomic Computing Environment Paper by: D. M. Chess, C. C. Palmer S. R. White Presentation.

Autonomic Systems Justin Moles, Winter 2006 Security in an Autonomic Computing Environment Paper by: D. M. Chess, C. C. Palmer S. R. White Presentation.
Fabián E. Bustamante, Winter 2006 Autonomic Computing The vision of autonomic computing, J. Kephart and D. Chess, IEEE Computer, Jan. 2003. Also - A.G.

Fabián E. Bustamante, Winter 2006 Autonomic Computing The vision of autonomic computing, J. Kephart and D. Chess, IEEE Computer, Jan Also - A.G.
1 A Game Theoretic Approach for Active Defense Peng Liu Lab. for Info. and Sys. Security University of Maryland, Baltimore County Baltimore, MD 21250 OASIS,

1 A Game Theoretic Approach for Active Defense Peng Liu Lab. for Info. and Sys. Security University of Maryland, Baltimore County Baltimore, MD OASIS,
Access Control Chapter 3 Part 5 Pages 248 to 252.

Access Control Chapter 3 Part 5 Pages 248 to 252.
Cyber Threat Analysis  Intrusions are actions that attempt to bypass security mechanisms of computer systems  Intrusions are caused by:  Attackers accessing.

Cyber Threat Analysis  Intrusions are actions that attempt to bypass security mechanisms of computer systems  Intrusions are caused by:  Attackers accessing.
IDS/IPS Definition and Classification

IDS/IPS Definition and Classification
Presented by Justin Bode CS 450 – Computer Security February 17, 2010.

Presented by Justin Bode CS 450 – Computer Security February 17, 2010.
Intrusion Detection Systems and Practices

Intrusion Detection Systems and Practices
Report on Intrusion Detection and Data Fusion By Ganesh Godavari.

Report on Intrusion Detection and Data Fusion By Ganesh Godavari.
EECS 598-2 Presentation Web Tap: Intelligent Intrusion Detection Kevin Borders.

EECS Presentation Web Tap: Intelligent Intrusion Detection Kevin Borders.
1 A Queuing Formulation of Intrusion Detection with Active and Passive Responses Wei T. Yue, Metin Cakanyildirim, Young U. Ryu Department of Information.

1 A Queuing Formulation of Intrusion Detection with Active and Passive Responses Wei T. Yue, Metin Cakanyildirim, Young U. Ryu Department of Information.
1 Intrusion Detection CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 4, 2004.

1 Intrusion Detection CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 4, 2004.
Beyond the perimeter: the need for early detection of Denial of Service Attacks John Haggerty,Qi Shi,Madjid Merabti Presented by Abhijit Pandey.

Beyond the perimeter: the need for early detection of Denial of Service Attacks John Haggerty,Qi Shi,Madjid Merabti Presented by Abhijit Pandey.
Lesson 13-Intrusion Detection. Overview Define the types of Intrusion Detection Systems (IDS). Set up an IDS. Manage an IDS. Understand intrusion prevention.

Lesson 13-Intrusion Detection. Overview Define the types of Intrusion Detection Systems (IDS). Set up an IDS. Manage an IDS. Understand intrusion prevention.
Copyright 2002, Center for Secure Information Systems 1 Panel: Role of Data Mining in Cyber Threat Analysis Professor Sushil Jajodia Center for Secure.

Copyright 2002, Center for Secure Information Systems 1 Panel: Role of Data Mining in Cyber Threat Analysis Professor Sushil Jajodia Center for Secure.
Intrusion detection Anomaly detection models: compare a user’s normal behavior statistically to parameters of the current session, in order to find significant.

Intrusion detection Anomaly detection models: compare a user’s normal behavior statistically to parameters of the current session, in order to find significant.

Similar presentations

Ads by Google